Overview

overview

10

Static

static

10

b676dadc10...6d.exe

windows7-x64

10

b676dadc10...6d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8462795ada587c3bccdb59c2f48e5bfe.bin

  • Size

    20KB

  • Sample

    240724-dqxmasvfkq

  • MD5

    dee27106b89b6a767cdc1db4be57c29b

  • SHA1

    981be531ec334b7d15997011d3e5bb69a4faa533

  • SHA256

    308c4f2eb6da5e89b98cd1a6c7634f433ea467ab07043d84a1b178c78489e8c5

  • SHA512

    bc29749580d800907ce89a53fbc2d2b1e34e07de7e7cf9e58eabccb1e579d121212a16bbfcf8934ebe33a975ff20460301e20e14e8169656ab0ccc8328cec158

  • SSDEEP

    384:E/55+YywEjVgt45mc+2l1i5WV14c+lQF9T5e4oc8PsuGuQ2+tnCIk:85+9ZjVMU+gQ614a/ew8PRGuEBk

Score
10/10
xenoratdiscoveryrattrojan

Malware Config

Extracted

Family

xenorat

C2

62.133.174.224

Mutex

RuntimeBroker

Attributes
  • delay

    500

  • install_path

    appdata

  • port

    3056

  • startup_name

    RuntimeBroker

Targets

    • Target

      b676dadc109d8b1322111502103a943073180b3daa78a04637448b148730736d.exe

    • Size

      46KB

    • MD5

      8462795ada587c3bccdb59c2f48e5bfe

    • SHA1

      ae155c1d78ba4adfbfe5aa022a2deb725fc1dc9a

    • SHA256

      b676dadc109d8b1322111502103a943073180b3daa78a04637448b148730736d

    • SHA512

      7860b4447fe17084e0225a052d9712b3fe332cdd6e4f59d1057e4613c07c416f1cfe36c1a49bf0f631a4289ac49fb24518c63fb03ed7a6df2af832361e764ff6

    • SSDEEP

      768:qdhO/poiiUcjlJInfFH9Xqk5nWEZ5SbTDa/WI7CPW5w:Mw+jjgnNH9XqcnW85SbT+WII

    Score
    10/10
    xenoratdiscoveryrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks